Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Detected Instance RealPlayer not the same as installed version

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
David12846 Detected Instance RealPlayer not the same as installed version
Member 22nd Aug, 2011 06:58
Ranking: 4
Posts: 11
User Since: 29th Apr, 2008
System Score: N/A
Location: N/A
Greetings:

I just noticed one of my scan result is showing "RealPlayer 14.x" as being patched. It also says the detected version is "12.0.1.666". Why are these two values different? Why is Secunia saying the detected version is 12.0.1.666 ?

When I open Real Player, Real Player says my version is 14.0.6.666.

mogs

RE: Detected Instance RealPlayer not the same as installed version
[+]
This reply has been minimised due to a negative Relevancy Score.
This user no longer exists RE: Detected Instance RealPlayer not the same as installed version
Member 22nd Aug, 2011 09:38
Hi,

In some instances, the vendor will officially refer to the product as being one version, but not actually set the version information correctly.

So the difference between versions 12.x and 14.x (as referred to officially) could be found in the minor version numbers, where one could, for example, be 12.5.x.x and the other 12.7x.x.

The reason for this is a mystery, and the patterns are often strange.

However, to make it easier for users, we sometimes substitute the actual version numbers in the files (that frequently don't make any sense) with version numbers matching what is announced on the website (such as 14.x).

I believe that if we showed the version numbers as they actually were we'd get asked "Why can't I install the latest version?" very frequently, as users were rightfully confused by the conflicting information.

Hope this helps.
Was this reply relevant?
+0
-0
David12846 RE: Detected Instance RealPlayer not the same as installed version
Member 23rd Aug, 2011 01:47
Score: 4
Posts: 11
User Since: 29th Apr 2008
System Score: N/A
Location: N/A
Emil - Thanks for the reply.

I think I found where the discrepancy comes from. When I opened the property box for the executable (C:\Program Files\realplay.exe), the File Version was listed as 12.0.6.666 . That's the value that Secunia reported in the "Detected Version" column. When I ran the executable and opened the "About box", it said 14.0.6.666 .

I doubt Secunia opens every program on a User's PC (in the background) and looks INSIDE the application for the actual Version Number. If Secunia WAS able to open every program, PSI would probably be like a bear in a china shop!

Version Number 12.0.6.666 was probably the version number of the original executable I downloaded. I bet if I remove the application entirely, and download the whole application again, the version number _might_ say "14.0.6.666"... but I'm not going to do that (Have to do that with other programs that don't remove old versions when updates are applied!).

Thanks!

David
Was this reply relevant?
+0
-0
Anthony Wells RE: Detected Instance RealPlayer not the same as installed version
Expert Contributor 23rd Aug, 2011 17:21
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi David ,

I would save ypourself some money and not bet on it if I were you .

The PSI reads the metadata of specific files downloaded on your system .rather than "opening" a programme .The files it reads for a programme's existence and for it's actual version are often but not always the same . It then translates that as to whether what it is reading is a "secure" version . As it is reading the 12.x .exe file as an up to date/secure version , then it is not likely to be the original .exe version . As Emil says , that translates to 14.x :ie: being what you see in the "About" and at the website ; so that's what the PSI calls it - to try to minimise confusion , for the average user - having seen the "up to date" version in the detected instance metadata . Note the overlapping of most of the other "version" numbers including the "build #".

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability